[Secure-testing-commits] r14528 - data/CVE

Mon Apr 19 21:14:24 UTC 2010

Author: joeyh
Date: 2010-04-19 21:14:22 +0000 (Mon, 19 Apr 2010)
New Revision: 14528

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================

--- data/CVE/list	2010-04-19 14:19:40 UTC (rev 14527)
+++ data/CVE/list	2010-04-19 21:14:22 UTC (rev 14528)
@@ -1,3 +1,23 @@
+CVE-2010-1467 (Multiple PHP remote file inclusion vulnerabilities in openUrgence ...)
+	TODO: check
+CVE-2010-1466 (Directory traversal vulnerability in scr/soustab.php in openUrgence ...)
+	TODO: check
+CVE-2010-1465 (Stack-based buffer overflow in Trellian FTP client 3.01, including ...)
+	TODO: check
+CVE-2010-1464 (Multiple cross-site scripting (XSS) vulnerabilities in WebAsyst ...)
+	TODO: check
+CVE-2010-1463 (Multiple SQL injection vulnerabilities in WebAsyst Shop-Script FREE ...)
+	TODO: check
+CVE-2010-1462 (Directory traversal vulnerability in WebAsyst Shop-Script FREE has ...)
+	TODO: check
+CVE-2010-1461 (Directory traversal vulnerability in the Photo Battle ...)
+	TODO: check
+CVE-2010-1460 (The IBM BladeCenter with Advanced Management Module (AMM) firmware ...)
+	TODO: check
+CVE-2010-1459
+	RESERVED
+CVE-2010-1458
+	RESERVED
 CVE-2010-XXXX [fetchmail memory exhaustion DoS]
 	- fetchmail 6.3.16-2 (low)
 	[lenny] - fetchmail <no-dsa> (only vulnerable when run under debug verbosity level)
@@ -706,21 +726,18 @@
 	RESERVED
 CVE-2010-1164
 	RESERVED
-CVE-2010-1163 [another sudoedit issue]
-	RESERVED
+CVE-2010-1163 (The command matching functionality in sudo 1.6.8 through 1.7.2p5 does ...)
 	- sudo <unfixed> (bug #578275)
 	[lenny] - sudo <not-affected> (ignore_dot default value is off and can't be changed in runtime)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=580441#c3
 CVE-2010-1162 [linux-2.6: tty pid issue]
 	RESERVED
 	- linux-2.6 <unfixed>
-CVE-2010-1161 [nano: unsafe creation of backup files]
-	RESERVED
+CVE-2010-1161 (Race condition in GNU nano before 2.2.4, when run by root to edit a ...)
 	- nano 2.2.4-1 (low; bug #577817)
 	[lenny] - nano <no-dsa> (minor issue)
 	NOTE: http://www.openwall.com/lists/oss-security/2010/04/14/4
-CVE-2010-1160 [nano: unsafe overwriting of existing files]
-	RESERVED
+CVE-2010-1160 (GNU nano before 2.2.4 does not verify whether a file has been changed ...)
 	- nano 2.2.4-1 (low; bug #577817)
 	[lenny] - nano <no-dsa> (minor issue)
 	NOTE: http://www.openwall.com/lists/oss-security/2010/04/14/4
@@ -728,12 +745,10 @@
 	RESERVED
 CVE-2010-1157
 	RESERVED
-CVE-2010-1156
-	RESERVED
+CVE-2010-1156 (core/nicklist.c in Irssi before 0.8.15 allows remote attackers to ...)
 	- irssi 0.8.15-1 (low)
 	[lenny] - irssi <no-dsa> (Minor issue)
-CVE-2010-1155
-	RESERVED
+CVE-2010-1155 (Irssi before 0.8.15, when SSL is used, does not verify that the server ...)
 	- irssi 0.8.15-1 (low)
 	[lenny] - irssi <no-dsa> (Minor issue)
 CVE-2010-1154
@@ -1987,8 +2002,7 @@
 	- openssl 0.9.8n-1 (medium; bug #575607)
 	[lenny] - openssl <not-affected> (only 0.9.8m is affected with 16 bit shorts)
 	NOTE: http://www.openssl.org/news/secadv_20100324.txt
-CVE-2010-0739 [dvips sprintf buffer overflow]
-	RESERVED
+CVE-2010-0739 (Integer overflow in the predospecial function in dospecial.c in dvips ...)
 	NOTE: http://www.tug.org/svn/texlive/trunk/Build/source/texk/dvipsk/ChangeLog?view=log
 	- texlive-bin <unfixed> (low)
 	[lenny] - texlive-bin <no-dsa> (minor issue)


